People´s personal data are being processed every second – at work, in their relations with public authorities, in the health field, when they buy goods or services, travel or surf the internet. Individuals are generally unfamiliar with the risks related to the protection of their personal data and of their rights in this respect. They are seldom aware of what they can do if they consider that their rights have been breached, or of the role of national data protection agencies.

On 26 April 2006 the Council of Europe decided to launch a Data Protection Day to be celebrated each year on 28 January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened for signature. Data Protection Day is now celebrated globally and is called Privacy Day outside Europe.

On this date, governments, parliaments, national data protection bodies and other actors carry out activities to raise awareness about the rights to personal data protection and privacy. These may include campaigns targeting the general public, educational projects for teachers and students, open doors at data protection agencies and conferences.

Consultative Committee of Convention 108 Strasbourg 27 January 2023
  • Diminuer la taille du texte
  • Augmenter la taille du texte
  • Imprimer la page
  • Imprimer en PDF
Data Protection Day: New guidelines to ensure that national digital identity systems respect human rights standards

To mark Data Protection Day, celebrated every year on 28 January, the president of the Consultative Committee of the Council of Europe data protection “Convention 108”, Elsa Mein, has stressed the need for national digital identity schemes and systems to comply with human rights standards, especially the respect to the right to privacy and personal data protection.

The Consultative Committee, which represents all parties to the convention, has published new guidelines to help governments and other actors involved in setting up and managing systems that process a range of personal data in order to certify the authenticity of an individual´s “legal identity” before the law and vis-à-vis the state.

The guidelines seek to apply the principles and provisions of the modernised data protection convention - Convention 108+. They emphasise that, given the potential for adverse impacts on human rights, national digital identity systems should take a human-rights-centered approach and explicitly integrate human rights law into their regulation, design, implementation and operation.

Data Protection Day commemorates the opening for signature of the Council of Europe data protection convention on 28 January 1981, also known as “Convention 108”. Today this treaty is the only international, multilateral and legally binding instrument to protect privacy and personal data. It has 55 parties and 36 observers.

In 2018 an amending protocol modernising the Convention 108 was adopted and opened for signature. Building on the achievements of the 1981 treaty, the updated convention – known as “Convention 108+” - aims to address the challenges for privacy resulting from the use of new information and communication technologies, establishes the convention’s follow-up mechanism and bring together various normative frameworks developed in different regions of the world. With Iceland´s ratification on 20 January 2023, already 21 states have ratified the amending protocol. Another 22 states have signed it with a view to its ratification.

On the eve of Data Protection Day, the winners of the 5th edition of the Council of Europe’s data protection Stefano Rodotà Award were announced: In the thesis category, Janis Ching Wong for her thesis “Co-creating data protection solutions through a Commons” and in the articles category a co-authored work by Sebastiao Bernardo Bruco Geraldes de Barros Vale, Katerina Demetzou and Gabriela Zanfir-Fortuna entitled “The Thin Red Line: Refocusing Data Protection Law on ADM, A Global Perspective with Lessons from Case-Law”. A special mention was also awarded to the work by Francesca Musiani and Ksenia Ermoshina on “Concealing for Freedom: The Making of Encryption, Secure Messaging and Digital Liberties”.


Video of the panel organised by the Council of Europe “Convention 108: convergence and expansion” at the 11th Edition of the “Computers, Privacy and Data Protection” international conference (CPDP) [January 2018]


Rights of internet users

The Council of Europe has created a guide for internet users to help them better understand their human rights online and what they can do when these rights are challenged.

Generally, these rights are set out in the terms of service of internet companies, which are mostly lengthy legal contractual conditions which are seldom read and even more seldom fully understood.


Handbook on European data protection law

The aim of this handbook is to raise awareness and improve knowledge of data protection rules in European Union and Council of Europe member states by serving as the main point of reference to which readers can turn.

It is designed for non-specialist legal professionals, judges, national data protection authorities and other persons working in the field of data protection. (more...)


This short film highlights the dangers posed by those who wish to illegally obtain private data.

What is the right to privacy and how is it protected under the European Convention on Human Rights?
See some example cases of how the ECHR acts to secure your privacy rights, including data and information privacy.

Reference texts

Convention for the Protection of Personal Data (No. 108)

Additional Protocol regarding supervisory authorities and transborder data flows (No. 181)

Modernised Convention for the Protection of Individuals with Regard to the Processing of Personal Data